Researchers Aim To Stop Android Data Leaks

Security capabilities shouldn't need to be bolted onto the mobile operating system, but unfortunately we're headed down the same painful path with smartphones and tablets that we took with desktops and notebooks.

George V. Hulme, Contributor

April 14, 2011


Researchers at North Carolina State University have developed software that aims to protect Android smartphone users' data from being stolen. My question: Is this really necessary?

The answer is probably "yes." But should it be?

Dr. Xuxian Jiang, an assistant professor of computer science at N.C. State and co-author of a paper describing the research, said in a statement, "There are a lot of concerns about potential leaks of personal information from smartphones."

No argument.

And to help Android users regain some control over their information, the team developed software they say will give users flexible control over which personal information is made available to which applications. They've named the software Taming Information-Stealing Smartphone Applications, or TISSA.

In their statement, the team said TISSA works by creating a privacy setting manager that enables users to customize the level of information each smartphone application can access. Those settings can be adjusted any time that the relevant applications are being run–instead of just at their installation.

TISSA, currently in prototype, includes four possible privacy settings for each application: Trusted, Anonymized, Bogus, and Empty, according to their statement. "If an application is listed as Trusted, TISSA does not impose additional information access restrictions. If the user selects Anonymized, TISSA provides the application with generalized information that allows the application to run, without providing access to detailed personal information. The Bogus setting provides an application with fake results when it requests personal information. The Empty setting responds to information requests by saying the relevant information does not exist or is unavailable," they said.
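As an added illustration (not code from the TISSA paper or from this article), the sketch below models a per-application privacy setting manager with the four settings described above, where a setting can be changed between requests rather than only at install time. The data types, sample values, generalization rules and the deny-by-default fallback are assumptions made for the example.

```python
import hashlib
import hmac
from enum import Enum

class Setting(Enum):
    TRUSTED = 1     # no additional access restriction
    ANONYMIZED = 2  # generalized value, enough for the app to run
    BOGUS = 3       # fake result
    EMPTY = 4       # information reported as nonexistent/unavailable

# Constructed sample records standing in for real device data.
REAL = {"location": (35.78712, -78.67053), "device_id": "000000000000001"}
# Assumed fake values handed out under the Bogus setting.
FAKE = {"location": (0.0, 0.0), "device_id": "999999999999999"}
# Constructed device-local key, so pseudonyms cannot be brute-forced offline.
DEVICE_KEY = b"constructed-device-local-key"

def anonymize(app, kind, value):
    """Assumed generalizations; the article does not specify them."""
    if kind == "location":   # coarsen to one decimal place (roughly 10 km)
        return tuple(round(c, 1) for c in value)
    if kind == "device_id":  # keyed per-app pseudonym, differs across apps
        msg = f"{app}:{value}".encode()
        return hmac.new(DEVICE_KEY, msg, hashlib.sha256).hexdigest()[:16]
    raise KeyError(kind)

class PrivacyManager:
    def __init__(self, default=Setting.EMPTY):  # deny-by-default is an assumption
        self.default = default
        self.settings = {}                      # (app, kind) -> Setting

    def set_setting(self, app, kind, setting):
        """May be called at any time, not only when the app is installed."""
        self.settings[(app, kind)] = setting

    def request(self, app, kind):
        """Mediates each read an app makes of a protected data type."""
        setting = self.settings.get((app, kind), self.default)
        if setting is Setting.TRUSTED:
            return REAL[kind]
        if setting is Setting.ANONYMIZED:
            return anonymize(app, kind, REAL[kind])
        if setting is Setting.BOGUS:
            return FAKE[kind]
        return None                             # Empty: nothing to return
```
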

Now, why wouldn't this be a good idea? Why wouldn't people want their Personally Identifiable Information firewalled? They would. That's not the problem. The problem is that these sorts of capabilities shouldn't have to be bolted onto the mobile operating system. They should be built into the feature set of the phone.

But it won't be that way. We have anti-virus for mobile, firewalls, and now this type of information protection. We are going down the same painful path with smartphones and tablets that we took with desktops and notebooks–and we haven't learned a thing.

The paper, "Taming Information-Stealing Smartphone Applications (on Android)," was co-authored by Jiang; Yajin Zhou, a Ph.D. student at NC State; Dr. Vincent Freeh, an associate professor of computer science at NC State; and Dr. Xinwen Zhang of Huawei America Research Center. The paper will be presented in June at the 4th International Conference on Trust and Trustworthy Computing, in Pittsburgh, Pa.

About the Author

An award-winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is a security blogger at InformationWeek.com.
